Remote Access VPNs with Preshared Keys
This section discusses configuring VPN 3000 Concentrators to
support remote access implementations. Remote access VPN clients can use any of
the following four common connectivity technologies:
The proliferation of low-cost small routers and firewall devices
is making this an attractive and more secure option for many remote users.
Cisco’s small routers and firewalls all support remote access options. For this
example, we assume the remote users are using VPN client software. In any case,
two levels of authentication need to occur. First, the device must authenticate
itself to the concentrator or peer device, and then the user typically must
authenticate on the network to gain access.
Cisco Easy VPN is a software enhancement that enables all three
types of remote access clients to connect easily to the central site with
minimal end user involvement. This is most important with large implementations
and sites with limited local support. Chapter 12 covered the VPN client
software, Chapter 15 covers the VPN 3002 Hardware Client, and Chapter 21 covers
the PIX VPN
connections, including Easy VPN. In this chapter, we focus on the VPN
Concentrator that would connect to each of these technologies.
Figure 14-12 shows a scenario to use in the VPN
remote-access configuration example. The Internet was simplified, in case
someone wants to configure the scenario as a lab exercise. The network behind
Rtr1 could be the central site for a large number of remote clients and could
contain multiple LANs.
Note: The Concentrator Manager is used whenever possible in this
example, but all steps could be accomplished using the CLI by following the same
menu selections.